Intrusion Prevention

Apache.HTTP.Server.Error.Page.Host.XSS

Description

This indicates that an attempt to exploit a Cross Site Scripting vulnerability in the Apache Web Server.
The Apache web server is vulnerable to a Cross Site Scripting attack because it does not properly sanitize malicious HTML code when displaying SSI error pages. This could lead to the execution of arbitrary HTML and web scripts.

Affected Products

Apache 2.0 before 2.0.43
Apache 1.3.0 up to 1.3.26

Impact

System Compromise: Remote attackers can gain control of vulnerable systems

Recommended Actions

Upgrade to the latest version available from the website.
http://httpd.apache.org/

CVE References

CVE-2002-0840